From fab86ee4880f45ebfc0bd19d0e2fa1dbe15b7efc Mon Sep 17 00:00:00 2001 From: Dulmandakh Date: Mon, 18 Mar 2019 11:58:08 -0700 Subject: [PATCH] use Conscrypt as security provider if available (#23984) Summary: This PR adds support to use Conscrypt as Security Provider if available runtime. Consscrypt supports TLS 1.2 on Android 4.x and TLS 1.3 on all Android versions. Fixes issues (ex https://github.com/facebook/react-native/issues/23151) with HTTPS connections on Android 4.x. Just add below to your project build.gradle and it'll use it. ```gradle implementation('org.conscrypt:conscrypt-android:2.0.0') ``` [Android] [Changed] - Add TLS 1.3 support to all Android versions using Conscrypt. Pull Request resolved: https://github.com/facebook/react-native/pull/23984 Differential Revision: D14506000 Pulled By: cpojer fbshipit-source-id: 58bf18f7203d20519fb4451bae83f01e2f020a44 --- .../react/modules/network/OkHttpClientProvider.java | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/ReactAndroid/src/main/java/com/facebook/react/modules/network/OkHttpClientProvider.java b/ReactAndroid/src/main/java/com/facebook/react/modules/network/OkHttpClientProvider.java index ceeaf874a2a8e7..34aefeabbb1276 100644 --- a/ReactAndroid/src/main/java/com/facebook/react/modules/network/OkHttpClientProvider.java +++ b/ReactAndroid/src/main/java/com/facebook/react/modules/network/OkHttpClientProvider.java @@ -13,6 +13,8 @@ import com.facebook.common.logging.FLog; import java.io.File; +import java.security.Provider; +import java.security.Security; import java.util.ArrayList; import java.util.List; import java.util.concurrent.TimeUnit; @@ -69,7 +71,14 @@ public static OkHttpClient.Builder createClientBuilder() { .writeTimeout(0, TimeUnit.MILLISECONDS) .cookieJar(new ReactCookieJarContainer()); - return enableTls12OnPreLollipop(client); + try { + Class ConscryptProvider = Class.forName("org.conscrypt.OpenSSLProvider"); + Security.insertProviderAt( + (Provider) ConscryptProvider.newInstance(), 1); + return client; + } catch (Exception e) { + return enableTls12OnPreLollipop(client); + } } public static OkHttpClient.Builder createClientBuilder(Context context) {